Support also setting limits from named-checkconf -z

Consider configurable limits when setting limits from the configuration
file. This avoids reporting issues when the configuration check, which is
enabled by default, is run on reload or restart of named.

Resolves: RHEL-61936
Petr Menšík 2025-10-07 16:21:19 +02:00
parent b086d1a343
commit 15b79e9259
2 changed files with 64 additions and 0 deletions


@ -0,0 +1,61 @@
From 83f283c3aeae99570c9e4c20f10e92ba565fc4be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 7 Oct 2025 16:18:03 +0200
Subject: [PATCH] Implement settings limits also in named-checkconf
Read and parse max-records-per-type and max-types-per-name options in
case -z parameter is passed.
---
bin/check/named-checkconf.c | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index e5afd52..42ef76c 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -415,6 +415,24 @@ configure_zone(const char *vclass, const char *view,
return (result);
}
+/* Red Hat 9.11 specific extension. */
+static void
+configure_maxrecords(const cfg_obj_t *voptions)
+{
+ cfg_obj_t *obj;
+ isc_result_t result;
+
+ obj = NULL;
+ result = cfg_map_get(voptions, "max-records-per-type", &obj);
+ if (result == ISC_R_SUCCESS)
+ dns_db_setmaxrrperset(cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = cfg_map_get(voptions, "max-types-per-name", &obj);
+ if (result == ISC_R_SUCCESS)
+ dns_db_setmaxtypepername(cfg_obj_asuint32(obj));
+}
+
/*% configure a view */
static isc_result_t
configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
@@ -431,10 +449,15 @@ configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
voptions = cfg_tuple_get(vconfig, "options");
zonelist = NULL;
- if (voptions != NULL)
+ if (voptions != NULL) {
(void)cfg_map_get(voptions, "zone", &zonelist);
- else
+ configure_maxrecords(voptions);
+ } else {
(void)cfg_map_get(config, "zone", &zonelist);
+ tresult = cfg_map_get(config, "options", &voptions);
+ if (tresult == ISC_R_SUCCESS)
+ configure_maxrecords(voptions);
+ }
for (element = cfg_list_first(zonelist);
element != NULL;
--
2.51.0
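Review bot: In `configure_view`, the `voptions != NULL` branch passes only the view's own options to `configure_maxrecords`, so `max-records-per-type` / `max-types-per-name` set in the global `options` block are never read when the configuration uses views, and `named-checkconf -z` would then check zones against different limits than the ones configured. The setters take only a value and look process-wide, so a limit applied for one view presumably also stays in effect for later views that do not set it. Applying the global options first and letting the view override them would cover the first case; restoring the built-in default between views needs a value that is not visible in this hunk. In `configure_maxrecords`, `obj` is only read, so `const cfg_obj_t *obj = NULL;` would match what `cfg_map_get` fills in. `configure_view` starts and ends outside the hunk, so `goptions` below is a new `const cfg_obj_t *` local initialised to NULL, and `tresult` is assumed to be declared already.

```c
	zonelist = NULL;
	/* Global limits first; view-level values override them below. */
	tresult = cfg_map_get(config, "options", &goptions);
	if (tresult == ISC_R_SUCCESS)
		configure_maxrecords(goptions);

	if (voptions != NULL) {
		(void)cfg_map_get(voptions, "zone", &zonelist);
		configure_maxrecords(voptions);
	} else {
		(void)cfg_map_get(config, "zone", &zonelist);
	}
	/* … unchanged: loop over zonelist … */
```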


@ -203,6 +203,7 @@ Patch210: bind-9.18-CVE-2024-11187.patch
# RH downstream, adds limits configurable from file
Patch211: bind-9.11-d-max-records-per-type.patch
Patch212: bind-9.11-d-max-types-per-name.patch
Patch213: bind-9.11-d-max-records-checkconf.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -630,6 +631,7 @@ are used for building ISC DHCP.
%patch -P 210 -p1 -b .CVE-2024-11187
%patch -P 211 -p1 -b .records-per-type
%patch -P 212 -p1 -b .types-per-name
%patch -P 213 -p1 -b .records-checkconf
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1685,6 +1687,7 @@ rm -rf ${RPM_BUILD_ROOT}
* Thu Jul 10 2025 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-16.5
- Add support for max-records-per-type and max-types-per-name options
(RHEL-61936)
- Support reading of new options also in named-checkconf -z, v2
* Thu Feb 06 2025 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-16.4
- Change patches applying to use -P parameter